Did anyone actually audit this thing?!?

[andrewgwallace]

18 vulnerabilities — 11 high severity. Includes HTTP request smuggling, CRLF injection, and unbounded memory consumption in undici (the HTTP client). These are in the dependency chain, not ruflo's own code, but they're unpatched.

[roman-rr]

Yes — we did a comprehensive audit. 8 research agents, source code analysis, hands-on testing of every major tool category.

Beyond the dependency vulns you found, here's what the code itself does:

~290 of 300+ MCP tools are stubs. They accept input and return JSON but don't execute anything:

• agent_spawn → {status: 'idle', taskCount: 0} forever
• neural_train → reports Math.random() accuracy, predictions always 'coder'
• wasm_agent_prompt → echoes input back
• verifySignature() in consensus → unconditionally returns true
• All consensus types (byzantine/raft/queen) → same JSON file handler

~10 tools actually work: memory/HNSW vector search, embeddings, terminal, sessions.

Token Optimizer claims fabricated in source:

• '352x faster' benchmark = await this.sleep(352) as baseline
• 'Cache savings' = this.stats.totalTokensSaved += 100 hardcoded
• Ruflo actually adds ~15,000-25,000 tokens/session of overhead

The architectural gap: LLM providers (AnthropicProvider with real fetch) exist. Task queue exists. Agent registry exists. But the wire connecting agent_spawn → execution is missing.

Full audit with source code proof: Independent Audit (Gist)